CVE-2008-6097

Multiple cross-site scripting (XSS) vulnerabilities in WikyBlog before 1.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) key parameter to index.php/Special/Main/keywordSearch, (2) revNum parameter to index.php/Edit/Main/Home, (3) to parameter to index.php/Special/Main/WhatLinksHere, (4) user parameter to index.php/Special/Main/UserEdits, and (5) the PATH_INFO to index.php.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.digitrustgroup.com/advisories/web-application-security-wikyblog.html
http://secunia.com/advisories/32087	Vendor Advisory
http://sourceforge.net/project/shownotes.php?group_id=148518&release_id=647444
http://www.securityfocus.com/bid/31525	Exploit
http://osvdb.org/48790
https://exchange.xforce.ibmcloud.com/vulnerabilities/45603

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:wikyblog:wikyblog:1.6.1.7:::::::*
	cpe:2.3:a:wikyblog:wikyblog:1.6:::::::*
	cpe:2.3:a:wikyblog:wikyblog:1.5.7.2:::::::*
	cpe:2.3:a:wikyblog:wikyblog:1.5.7:::::::*
	cpe:2.3:a:wikyblog:wikyblog:1.5.0.2:::::::*
	cpe:2.3:a:wikyblog:wikyblog:1.5:::::::*
	cpe:2.3:a:wikyblog:wikyblog:1.7:rc3::::::
	cpe:2.3:a:wikyblog:wikyblog:1.7:rc2::::::
	cpe:2.3:a:wikyblog:wikyblog:1.6.1.4:::::::*
	cpe:2.3:a:wikyblog:wikyblog:1.6.1.3:::::::*
	cpe:2.3:a:wikyblog:wikyblog:1.6.1.2:::::::*
	cpe:2.3:a:wikyblog:wikyblog::::::::
	cpe:2.3:a:wikyblog:wikyblog:1.3.2:::::::*
	cpe:2.3:a:wikyblog:wikyblog:1.5.1:::::::*
	cpe:2.3:a:wikyblog:wikyblog:1.7.1.1:::::::*
	cpe:2.3:a:wikyblog:wikyblog:1.4.15:::::::*
	cpe:2.3:a:wikyblog:wikyblog:1.4.12:::::::*
	cpe:2.3:a:wikyblog:wikyblog:1.6b1:::::::*
	cpe:2.3:a:wikyblog:wikyblog:1.5.7.4:::::::*
	cpe:2.3:a:wikyblog:wikyblog:1.4.14:::::::*
	cpe:2.3:a:wikyblog:wikyblog:1.5.3:::::::*
	cpe:2.3:a:wikyblog:wikyblog:1.5.0.3:::::::*
	cpe:2.3:a:wikyblog:wikyblog:1.4.5:::::::*
	cpe:2.3:a:wikyblog:wikyblog:1.7.0.1:::::::*
	cpe:2.3:a:wikyblog:wikyblog:1.6.1.6:::::::*
	cpe:2.3:a:wikyblog:wikyblog:1.5.2:::::::*
	cpe:2.3:a:wikyblog:wikyblog:1.4.13:::::::*
	cpe:2.3:a:wikyblog:wikyblog:1.4.6:::::::*
	cpe:2.3:a:wikyblog:wikyblog:1.5.7.3:::::::*
	cpe:2.3:a:wikyblog:wikyblog:1.4.7:::::::*
	cpe:2.3:a:wikyblog:wikyblog:1.6.1.5:::::::*
	cpe:2.3:a:wikyblog:wikyblog:1.2.3:::::::*
	cpe:2.3:a:wikyblog:wikyblog:1.4.4:::::::*
	cpe:2.3:a:wikyblog:wikyblog:1.7.1:rc1::::::
	cpe:2.3:a:wikyblog:wikyblog:1.4.8:::::::*
	cpe:2.3:a:wikyblog:wikyblog:1.6.1:::::::*
	cpe:2.3:a:wikyblog:wikyblog:1.7.1b2:::::::*
	cpe:2.3:a:wikyblog:wikyblog:1.4.11:::::::*
	cpe:2.3:a:wikyblog:wikyblog:1.4.9:::::::*
	cpe:2.3:a:wikyblog:wikyblog:1.7:rc1::::::
	cpe:2.3:a:wikyblog:wikyblog:1.7b3:::::::*
	cpe:2.3:a:wikyblog:wikyblog:1.4.1:::::::*
	cpe:2.3:a:wikyblog:wikyblog:1.4:::::::*
	cpe:2.3:a:wikyblog:wikyblog:1.5.6:::::::*
	cpe:2.3:a:wikyblog:wikyblog:1.7b1:::::::*
	cpe:2.3:a:wikyblog:wikyblog:1.5.4:::::::*
	cpe:2.3:a:wikyblog:wikyblog:1.2.2:::::::*
	cpe:2.3:a:wikyblog:wikyblog:1.7.1b1:::::::*
	cpe:2.3:a:wikyblog:wikyblog:1.6.1.1:::::::*
	cpe:2.3:a:wikyblog:wikyblog:1.4.3:::::::*
	cpe:2.3:a:wikyblog:wikyblog:1.5.5:::::::*
	cpe:2.3:a:wikyblog:wikyblog:1.4.2:::::::*
	cpe:2.3:a:wikyblog:wikyblog:1.2.1:::::::*
	cpe:2.3:a:wikyblog:wikyblog:1.7b2:::::::*
	cpe:2.3:a:wikyblog:wikyblog:1.6b3:::::::*
	cpe:2.3:a:wikyblog:wikyblog:1.7.1:rc2::::::
	cpe:2.3:a:wikyblog:wikyblog:1.6b2:::::::*
	cpe:2.3:a:wikyblog:wikyblog:1.4.10:::::::*

Information

Published : 2009-02-09 09:30

Updated : 2017-08-07 18:33

NVD link : CVE-2008-6097

Mitre link : CVE-2008-6097

JSON object : View

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Products Affected

wikyblog

wikyblog

4.3 /10